Cloud DJ’s – Episode 2: Pentagon Awards $9B Contract to Multiple Cloud Providers
Challenges Around Cloud Governance and Responsibility Persist
Last week the Pentagon announced that it will award its Joint Warfighting Cloud Capability – or JWCC – contract to four vendors: Amazon Web Services, Google, Microsoft and Oracle. The nearly $9bn contract, which runs until June 2028, brings transparency and fairness to the awards process. It also poses challenges around cloud orchestration, visibility, and cloud responsibility.
While the multi-vendor contract now seems fair and unbiased, it is sure to stir up a hornet’s nest. The four companies will be competing fiercely for individual orders. Will that lead to more courtroom battles?
With pieces of the U.S. DoD IT infrastructure now spread across four cloud platforms, the contract also raises questions about the manageability of that infrastructure.
Hybrid, multi-cloud architectures are common in the enterprise today. In the early days, this architecture posed many challenges. Today, there is more cooperation among vendors, and enterprises benefit from better cloud orchestration through APIs and connectors.
How will this cloud orchestration happen with the Pentagon’s IT infrastructure?
Visibility and management through “a single pane of glass” or dashboard is another ask from private sector CIOs. Will this happen in the Pentagon’s cloud, where secrecy and confidentiality take precedence?
There’s also a risk of data leakage, as cloud service providers tend to create copies of data across data centers in different countries through regions and availability zones. How will the CSPs address data sovereignty?
Cyberattacks by state actors will continue to haunt the U.S. Government, and U.S. presidential elections are just a year away. Yes, big tech companies like Microsoft have stepped up their fight against global cyberattacks. And Google now has Mandiant to firm up its cloud security and keep watch.
Finally, there’s the issue of the software bill of materials, or SBOM, to be addressed. In a May 2021 executive order, the U.S. government required suppliers and contractors to maintain an SBOM for each product. This was done with the intention of mitigating supply chain attacks.
It was widely reported that this mandate was strongly resisted by big tech companies. A trade group called the Information Technology Industry Council, whose prominent members are Amazon, Microsoft, Intel, AMD, Lenovo, IBM, Cisco, Samsung, TSMC, Qualcomm, Zoom and Palo Alto Networks (among others), argued that SBOMs are not currently scalable or consumable.
The new JWCC contract that replaces JEDI is valid until 2028. It will be interesting to observe how the four chosen vendors will cooperate to resolve all these issues in the interest of providing secure infrastructure services to the U.S. government.